Lab 1: NSO Installation on Ubuntu 18.4

Task 1: Installing NSO on Ubuntu 18.4 Workstation:

Before beginning this lab on your workstation, install a standard set of integrated development applications, tools, and interfaces.

Step 1: Access the browser console of your Linux machine and download the Cisco Network Services Orchestrator (NSO) and required Network Element Drivers (NEDs):

NSO 5.3 Mac: https://developer.cisco.com/fileMedia/download/a7220dd6-e7d2-3c75-8ef4-7fd3fa7bc477

NSO 5.3 Linux: https://developer.cisco.com/fileMedia/download/da6e8ed4-0b65-357a-9cf3-c1b3357a2ad4

Cisco IOS (XE) NED: https://developer.cisco.com/fileMedia/download/1ce0318d-4ce3-34cf-a577-ebdf97a46371

Cisco IOS XR NED: https://developer.cisco.com/fileMedia/download/4c95fe20-9c61-37a2-aa25-c5967f9aefc2

Cisco NXOS NED: https://developer.cisco.com/fileMedia/download/838b1755-64e8-3c62-8527-35ab0069805c

Cisco ASA NED: https://developer.cisco.com/fileMedia/download/017caac8-f711-33fe-9e1a-143fe221b818

For NSO Installation in small networks (less than 10 devices) we only need a single vCPU and 4-8 GB of RAM.

NSO can be a memory-intensive application, so if you encounter issues, try increasing the RAM size. If you use Vagrant or Docker to manage local Linux virtual machines, there is an NSO Vagrant file and an NSO Docker file for your convenience.

Now let us install Java and Ant, which are prerequisites for NSO. Apache Ant is a Java library and tool for building files and other dependencies:

Step 2: Open a terminal window on the Linux machine and install the JRE and Ant with the following commands:

$ 	sudo apt install default-jre
$	sudo apt install ant

NSO Installation

Local vs System Installation

Before you install NSO onto your system, you need to decide whether to do a “System” or “Local” installation. Here’s a simple breakdown of the two.

System Install is used when installing NSO for a centralized, “always-on”, production grade purpose. It is configured as a system daemon that would start and end with the underlying operating system. The default users of admin and oper are not included and the file structure is more distributed.

Local Install is used for development, lab, and evaluation purposes. It unpacks all the application components, including docs and examples, and can be used by the engineer to run multiple, unrelated instances of NSO for different labs and demos on a single workstation.

For those just getting started, this guide will be using a Local Installation of NSO. The NSO documentation has details on how to handle a system install.

Performing a Local Installation

Once you’ve installed the pre-reqs and downloaded the NSO installation file for your operating system, you are ready to do your installation.

Step 3: Access the Terminal window of Linux machine and navigate to the directory where you downloaded the installer:

Make sure you have the correct installer binary for your OS.

$	cd ~/Downloads	 
$	ll nso*.bin	

Following output will be displayed.

-rw-rw-r-- 1 rst rst 208174605 May  3 15:25 nso-5.3.linux.x86_64.signed.bin

Note: If your file is a signed.bin file, this means that the file you downloaded has been digitally signed by Cisco, and when you execute it you’ll verify the signature and unpack the installer.bin. If you have the installer.bin, skip down past the signed steps.

Step 4: Use the sh command to “run” the signed.bin to verify the certificate and extract the installer binary and other files:

$ 	sudo apt install python	
$	sh nso-5.3.linux.x86_64.signed.bin

Following output will be displayed.

Unpacking...
Verifying signature...
Downloading CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully downloaded and verified crcam2.cer.
Downloading SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully downloaded and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of nso-5.3.linux.x86_64.installer.bin using tailf.cer
  

Step 5: Check files that are installed

$  ls 	 

Following output will be displayed.

cisco_x509_verify_release.py
nso-5.3.linux.x86_64.signed.bin
nso-5.3.linux.x86_64.installer.bin            
README.signature
nso-5.3.linux.x86_64.installer.bin.signature  
tailf.cer
  

The NSO installer nso-VERSION.OS.ARCH.installer.bin

Signature generated for the NSO image nso-VERSION.OS.ARCH.installer.bin.signature

An enclosed Cisco signed tailf.cer x.509 end-entity certificate containing the public key that is used to verify the signature.

README.signature file which briefs you more details on the unpacked content and the steps on “How to run the signature verification program”. If you would like to manually verify the signature, please refer to the steps in this file.

cisco_x509_verify_release.py python program that can be used to verify the 3-tier x.509 certificate chain and signature.

Step 6: Run the installer with the argument --local-install ~/nso-5.3 to install it into your home directory:

$	sh nso-5.3.linux.x86_64.installer.bin --local-install ~/nso-5.3

Following output will be displayed.

INFO  Using temporary directory /tmp/ncs_installer.10704 to stage NCS installation bundle
INFO  Unpacked ncs-5.3 in /home/rst/ns5.3
INFO  Found and unpacked corresponding DOCUMENTATION_PACKAGE
INFO  Found and unpacked corresponding EXAMPLE_PACKAGE
INFO  Found and unpacked corresponding JAVA_PACKAGE
INFO  Generating default SSH hostkey (this may take some time)
INFO  SSH hostkey generated
INFO  Environment set-up generated in /home/rst/nso-5.3/ncsrc
INFO  NSO installation script finished
INFO  Found and unpacked corresponding NETSIM_PACKAGE
INFO  NCS installation complete

That’s all. NSO is installed.

Step 7: Exploring the Installation:

Before we startup NSO, let’s just look at what we have. Go into the new installation directory and explore:

$	cd ~/nso-5.3

Along with the binaries, NSO installs a full set of documentation in the ‘doc’ folder of ~/nso-5.3 directory:

$	ll doc/

Following output will be displayed.

drwxr-xr-x   5 user  staff   160B Nov 29 05:19 api/
drwxr-xr-x  14 user  staff   448B Nov 29 05:19 html/
-rw-r--r--   1 user  staff   202B Nov 29 05:19 index.html
drwxr-xr-x  17 user  staff   544B Nov 29 05:19 pdf/

Feel free to open up the index.html file in your favorite browser and poke around (you can use the open command in the terminal to open the file). You’ll find installation, admin, user, development, and more guides available for you to jump right into.

Examples

An NSO Local Install also comes with A LOT of examples showing a variety of ways you can use NSO. Many of these touch on advanced topics, but there are plenty of basic ones as well. Here are the high-level directories of examples in ~/nso-5.3/examples.ncs:

$	cd ~/nso-5.3/
$	ll examples.ncs/

Following output will be displayed.

-rw-r--r--   1 user  staff   1.0K Nov 29 05:17 README
drwxr-xr-x   4 user  staff   128B Nov 29 04:50 datacenter/
drwxr-xr-x   3 user  staff    96B Nov 29 04:50 generic-ned/
drwxr-xr-x   4 user  staff   128B Nov 29 04:50 getting-started/
drwxr-xr-x   7 user  staff   224B Nov 29 04:50 service-provider/
drwxr-xr-x   3 user  staff    96B Nov 29 04:50 snmp-ned/
drwxr-xr-x  11 user  staff   352B Nov 29 05:17 snmp-notification-receiver/
drwxr-xr-x   5 user  staff   160B Nov 29 04:50 web-server-farm/

Step 8 : Exploring NEDs or Network Element Drivers:

In order to “talk to” the network, NSO uses NEDs as device drivers for different device types. Cisco has NEDs for hundreds of different devices available for customers, and several are included in the installer in the ~/nso-5.3/packages/neds directory:

$	cd ~/nso-5.3/packages/neds
$	ll 

Following output will be displayed.

drwxr-xr-x  13 user  staff   416B Nov 29 05:17 a10-acos-cli-3.0/
drwxr-xr-x  12 user  staff   384B Nov 29 05:17 alu-sr-cli-3.4/
drwxr-xr-x  13 user  staff   416B Nov 29 05:17 cisco-asa-cli-6.6/
drwxr-xr-x  12 user  staff   384B Nov 29 05:17 cisco-ios-cli-3.0/
drwxr-xr-x  12 user  staff   384B Nov 29 05:17 cisco-ios-cli-3.8/
drwxr-xr-x  13 user  staff   416B Nov 29 05:17 cisco-iosxr-cli-3.0/
drwxr-xr-x  13 user  staff   416B Nov 29 05:17 cisco-iosxr-cli-3.5/
drwxr-xr-x  13 user  staff   416B Nov 29 05:17 cisco-nx-cli-3.0/
drwxr-xr-x  13 user  staff   416B Nov 29 05:17 dell-ftos-cli-3.0/
drwxr-xr-x  10 user  staff   320B Nov 29 05:17 juniper-junos-nc-3.0/

Here you can see there are NEDs for Cisco ASA, IOS, IOS XR, and NX-OS. Also included are NEDs for other vendors including Juniper JunOS, A10, ALU and Dell.

Note: The NEDs included in the installer are intended for evaluation, demonstration, and use with the examples.ncs that are also included. These are not the latest versions available, and often don’t have all the features available in production NEDs.

Task 2: Installing New NED Versions:

Note: Evaluation copy has been provided under the terms of the Cisco NSO Evaluation License. You can download from the link provided below:

Cisco IOS (XE) NED: https://developer.cisco.com/fileMedia/download/1ce0318d-4ce3-34cf-a577-ebdf97a46371

Cisco IOS XR NED: https://developer.cisco.com/fileMedia/download/4c95fe20-9c61-37a2-aa25-c5967f9aefc2

Cisco NXOS NED: https://developer.cisco.com/fileMedia/download/838b1755-64e8-3c62-8527-35ab0069805c

Cisco ASA NED: https://developer.cisco.com/fileMedia/download/017caac8-f711-33fe-9e1a-143fe221b818

Alternatively, we can download the NEDs from the following URL: https://developer.cisco.com/docs/nso/#!getting-nso/downloads

NOTE: the specific file names and versions you download may be different from this guide. Update the paths appropriately.

Like the NSO installer, the NEDs are signed.bin files that need to be run to validate the download and extract the new code.

Step 1: Access the Terminal window of your Linux machine and find the downloaded files, use following command:

Note: the filenames indicate which version of NSO the NEDs are pre-compiled for (in this case NSO 5.3), and the version of the NED.

$	cd ~/Downloads/
$	ls -l ncs*.bin

Following output will be seen on the screen of your terminal window:

-rw-r--r--@ 1 user  staff   9708091 Dec 18 12:05 ncs-5.3-cisco-asa-6.7.7.signed.bin
-rw-r--r--@ 1 user  staff   51233042 Dec 18 12:06 ncs-5.3-cisco-ios-6.42.1.signed.bin
-rw-r--r--@ 1 user  staff   8400190 Dec 18 12:05 ncs-5.3-cisco-nx-5.13.1.1.signed.bin
-rw-r--r--@ 1 user  staff   8400190 Dec 18 12:05 ncs-5.3-cisco-iosxr-7.18.2.signed.bin

Step 2: In the terminal window of your Linux machine, use the sh command to “run” the signed.bin, which verifies the certificate and extracts the NED tar.gz and other files:

$	sh ncs-5.3-cisco-iosxr-7.18.2.signed.bin

Following output will be seen on the screen of your terminal window:

Unpacking...
Verifying signature...
Downloading CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully downloaded and verified crcam2.cer.
Downloading SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully downloaded and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of ncs-5.3-cisco-iosxr-7.18.2.tar.gz using tailf.cer

Step 3: In the terminal window of your Linux machine, use the sh command to “run” the signed.bin, which verifies the certificate and extracts the NED tar.gz and other files:

$ 	sh ncs-5.3-cisco-ios-6.42.1.signed.bin

Following output will be seen on the screen of your terminal window:

Unpacking...
Verifying signature...
Downloading CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully downloaded and verified crcam2.cer.
Downloading SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully downloaded and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of ncs-5.3-cisco-ios-6.42.1.tar.gz using tailf.cer

Step 4: In the terminal window of your Linux machine, use the sh command to “run” the signed.bin, which verifies the certificate and extracts the NED tar.gz and other files:

$ 	sh ncs-5.3-cisco-asa-6.7.7.signed.bin

Following output will be seen on the screen of your terminal window:

Unpacking...
Verifying signature...
Downloading CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully downloaded and verified crcam2.cer.
Downloading SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully downloaded and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of ncs-5.3-cisco-asa-6.7.7.tar.gz using tailf.cer

Step 5: In the terminal window of your Linux machine, use the sh command to “run” the signed.bin, which verifies the certificate and extracts the NED tar.gz and other files:

$ 	sh ncs-5.3-cisco-nx-5.13.1.1.signed.bin

Following output will be seen on the screen of your terminal window:

Unpacking...
Verifying signature...
Downloading CA certificate from http://www.cisco.com/security/pki/certs/crcam2.cer ...
Successfully downloaded and verified crcam2.cer.
Downloading SubCA certificate from http://www.cisco.com/security/pki/certs/innerspace.cer ...
Successfully downloaded and verified innerspace.cer.
Successfully verified root, subca and end-entity certificate chain.
Successfully fetched a public key from tailf.cer.
Successfully verified the signature of ncs-5.3-cisco-nx-5.13.1.1.tar.gz using tailf.cer

Step 6: You now have 4 tarball (.tar.gz) files. These are compressed versions of the NEDs.

$	ls -l ncs*.tar.gz

Following output will be seen on the screen of your terminal window:

-rw-r--r-- 1 rst rst  9704896 Dec 13 07:41 ncs-5.3-cisco-asa-6.7.7.tar.gz
-rw-r--r-- 1 rst rst 51508674 Jan  5 14:47 ncs-5.3-cisco-ios-6.42.1.tar.gz
-rw-r--r-- 1 rst rst 39339975 Dec 28 01:26 ncs-5.3-cisco-iosxr-7.18.2.tar.gz
-rw-r--r-- 1 rst rst  8409288 Dec 18 19:39 ncs-5.3-cisco-nx-5.13.1.1.tar.gz

Step 7: Navigate to the packages/neds directory for your local-install:

$	cd ~/nso-5.3/packages/neds

While in ~/nso-5.3/packages/neds directory, extract the tarballs into this directory using the tar command with the path to where the compressed NED is located:

Step 8: Update the path and file name for the NED versions you downloaded:

$	tar -zxvf ~/Downloads/ncs-5.3-cisco-nx-5.13.1.1.tar.gz
$	tar -zxvf ~/Downloads/ncs-5.3-cisco-ios-6.42.1.tar.gz
$	tar -zxvf ~/Downloads/ncs-5.3-cisco-asa-6.7.7.tar.gz
$	tar -zxvf ~/Downloads/ncs-5.3-cisco-iosxr-7.18.2.tar.gz

Here is a sample list of the newer NEDs extracted along with the ones bundled with the installation:

$ 	ls -al

Following output will be seen on the screen of your terminal window:

drwxr-xr-x 16 rst rst 4096 May  3 17:35 .
drwxr-xr-x  6 rst rst 4096 Nov 29 15:47 ..
drwxr-xr-x  8 rst rst 4096 Nov 29 15:47 a10-acos-cli-3.0
drwxr-xr-x  7 rst rst 4096 Nov 29 15:47 alu-sr-cli-3.4
drwxr-xr-x  8 rst rst 4096 Nov 29 15:47 cisco-asa-cli-6.6
drwxr-xr-x  8 rst rst 4096 Dec 13 07:41 cisco-asa-cli-6.7
drwxr-xr-x  7 rst rst 4096 Nov 29 15:47 cisco-ios-cli-3.0
drwxr-xr-x  7 rst rst 4096 Nov 29 15:47 cisco-ios-cli-3.8
drwxr-xr-x  8 rst rst 4096 Jan  5 14:47 cisco-ios-cli-6.42
drwxr-xr-x  8 rst rst 4096 Nov 29 15:47 cisco-iosxr-cli-3.0
drwxr-xr-x  8 rst rst 4096 Nov 29 15:47 cisco-iosxr-cli-3.5
drwxr-xr-x  9 rst rst 4096 Dec 28 01:26 cisco-iosxr-cli-7.18
drwxr-xr-x  8 rst rst 4096 Nov 29 15:47 cisco-nx-cli-3.0
drwxr-xr-x  9 rst rst 4096 Dec 18 19:39 cisco-nx-cli-5.13
drwxr-xr-x  8 rst rst 4096 Nov 29 15:47 dell-ftos-cli-3.0
drwxr-xr-x  5 rst rst 4096 Nov 29 15:47 juniper-junos-nc-3.0

And now you have the newer NED versions available, as well as the demo/evaluation versions included with NSO itself!
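Steps 2 to 8 above, wrapped so that a NED is extracted only after the verifier's success lines for that exact tarball are seen and the archive has the expected layout; this is an added example, not part of the original lab or of Cisco's tooling. The function names are this example's own, and it assumes each signed.bin writes its .tar.gz into the directory it is run from (as the listings above show) and that each tarball holds a single top-level NED directory.

```bash
#!/usr/bin/env bash
# Added example (not from the lab or from Cisco): gate NED extraction on the
# signature-verification output and on a sane archive layout.

# Reads the captured output of "sh <name>.signed.bin" on stdin. Succeeds only
# if both the certificate-chain line and the signature line naming the
# expected artifact ($1) are present.
verify_output_ok() {
    out=$(cat)
    printf '%s\n' "$out" | grep -qF \
        'Successfully verified root, subca and end-entity certificate chain.' || return 1
    printf '%s\n' "$out" | grep -qF \
        "Successfully verified the signature of $1 using tailf.cer" || return 1
}

# Prints the single top-level directory of a gzip tarball ($1). Fails if any
# member is absolute or contains "..", or if there is not exactly one
# top-level entry.
tar_single_top_dir() {
    members=$(tar -tzf "$1") || return 1
    printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)' && return 1
    tops=$(printf '%s\n' "$members" | sed 's|^\./||' | cut -d/ -f1 | grep -v '^$' | sort -u)
    [ -n "$tops" ] || return 1
    [ "$(printf '%s\n' "$tops" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$tops"
}

# install_ned <path/to/name.signed.bin> <packages/neds directory>
# The exit status of a failed verification is not documented on this page,
# so both the exit status and the output lines are checked (assumption).
install_ned() {
    signed=$1; neds_dir=$2
    dl_dir=$(dirname "$signed")
    base=$(basename "$signed" .signed.bin)
    tarball="$dl_dir/$base.tar.gz"

    log=$(cd "$dl_dir" && sh "./$base.signed.bin" 2>&1) \
        || { echo "unpack failed: $signed" >&2; return 1; }
    printf '%s\n' "$log" | verify_output_ok "$base.tar.gz" \
        || { echo "verification lines missing for $base.tar.gz" >&2; return 1; }
    top=$(tar_single_top_dir "$tarball") \
        || { echo "unexpected layout in $tarball" >&2; return 1; }
    # Do not overwrite a NED directory that is already installed.
    [ ! -e "$neds_dir/$top" ] \
        || { echo "$neds_dir/$top already exists" >&2; return 1; }
    tar -xzf "$tarball" -C "$neds_dir"
}

# Usage, with the file names from this lab:
#   for f in ~/Downloads/ncs-5.3-cisco-*.signed.bin; do
#       install_ned "$f" ~/nso-5.3/packages/neds || break
#   done
```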

NCSRC

The last things to note are the files ncsrc and ncsrc.tcsh. These are shell scripts for bash and tcsh that set up your PATH and other environment variables for NSO. Depending on your shell, you will need to source the matching file before starting your NSO work.

# NOTE your path may be different, double check!

$ 	source $HOME/nso-5.3/ncsrc

Most users add source ~/nso-5.3/ncsrc to their ~/.bash_profile, but you can just do it manually when you want it. Once it has been “sourced” you have access to all the NSO executable commands, which start with ncs.

BASH

$	ncs {TAB} {TAB}

Following output will be seen on the screen of your terminal window:

ncs                      ncs-maapi                ncs-project              ncs-start-python-vm      ncs_cmd                  ncs_load                 
ncs-backup               ncs-make-package         ncs-setup                ncs-uninstall            ncs_conf_tool            ncsc                     
ncs-collect-tech-report  ncs-netsim               ncs-start-java-vm        ncs_cli                  ncs_crypto_keys 

Task 3: Creating an Instance of NSO:

An NSO Local Install unpacks and prepares your system to run NSO, but doesn’t actually start it up. A Local Install allows the engineer to create an NSO “instance” tied to a project, which you have not done yet.

If you are familiar with Python, you can think of this like creating a Python virtual environment after installing Python. Within this NSO instance, you will have different inventory, configuration, and code.

Using ncs-setup to Create an NSO Instance

One of the scripts included with an NSO installation is ncs-setup, which makes it very easy to create instances of NSO from a Local Install. You can look at the --help output for full details, but the two options we need to know are:

* --dest defines the directory where you want to set up NSO (if the directory does not exist, it will be created)
* --package defines the NEDs you want this NSO instance to have installed. You can specify this option multiple times.

Note: NCS is the original name of the NSO product, so many of the commands and application features will be prefaced with ncs. Think of ncs as another name for NSO.

Go ahead and run this command to set up an NSO instance in the current directory with the IOS, NX-OS, IOS-XR and ASA NEDs. You only need one NED per platform that you want NSO to manage (even though you may have multiple versions in your installer neds directory).

You will want to use the name of the NED folder in ${NCS_DIR}/packages/neds for the latest NED version you’ve got installed for the target platform. You can use tab complete after you start typing a path (or just copy and paste, though double check the NED version numbers below match what is currently on the system to avoid a syntax error):

Step 1: Type the command as seen below, it is a single command:

ncs-setup --package ~/nso-5.3/packages/neds/cisco-ios-cli-6.42 \
--package ~/nso-5.3/packages/neds/cisco-nx-cli-5.13 \
--package ~/nso-5.3/packages/neds/cisco-iosxr-cli-7.18 \
--package ~/nso-5.3/packages/neds/cisco-asa-cli-6.7 \
--dest nso-instance

OR

ncs-setup --package ~/nso-5.3/packages/neds/cisco-ios-cli-6.42    --package ~/nso-5.3/packages/neds/cisco-nx-cli-5.13    --package ~/nso-5.3/packages/neds/cisco-iosxr-cli-7.18    --package ~/nso-5.3/packages/neds/cisco-asa-cli-6.7    --dest nso-instance

If you check out the nso-instance directory now, you’ll find several new files and folders have been created. This guide won’t go through them all in detail now, but a couple are handy to know about.

ncs.conf is the NSO application configuration file. It is used to customize aspects of the NSO instance (change ports, enable / disable features, etc.). The defaults are often perfect for projects like this.

packages/ is the directory that has symlinks to the NEDs that we referenced in the --package arguments at setup.

logs/ is the directory that contains all the logs from NSO. This directory is useful when troubleshooting.

$ 	ls nso-instance/

logs ncs-cdb ncs.conf packages README.ncs scripts state

$ 	cd nso-instance/packages/
$ 	ls -al
total 12
drwxr-xr-x 3 rst rst 4096 May  3 18:17 .
drwxr-xr-x 7 rst rst 4096 May  3 18:04 ..
lrwxrwxrwx 1 rst rst   49 May  3 18:06 cisco-asa-cli-6.7 -> /home/rst/nso-5.3/packages/neds/cisco-asa-cli-6.7
lrwxrwxrwx 1 rst rst   50 May  3 18:06 cisco-ios-cli-6.42 -> /home/rst/nso-5.3/packages/neds/cisco-ios-cli-6.42
lrwxrwxrwx 1 rst rst   52 May  3 18:06 cisco-iosxr-cli-7.18 -> /home/rst/nso-5.3/packages/neds/cisco-iosxr-cli-7.18
lrwxrwxrwx 1 rst rst   49 May  3 18:06 cisco-nx-cli-5.13 -> /home/rst/nso-5.3/packages/neds/cisco-nx-cli-5.13
drwxr-xr-x 7 rst rst 4096 May  3 18:17 nso-instance

Now you need to “start” your NSO instance. Navigate to the nso-instance directory and type the command ncs. It will take a few seconds to run, and you won’t get any explicit output unless there is a problem.

Note: you need to be in the nso-instance directory each time you want to start or stop NSO. If you have multiple instances, you need to navigate to each one to use the ncs command to start or stop each one.

$	ncs

This will take some time

You can verify that NSO is running by using the ncs --status | grep status command. The ncs --status output contains a large amount of information, so we use grep to just search for the status:

$ 	ncs --status | grep status
status: started
db=running id=31 priority=1 path=/ncs:devices/device/live-status-protocol/device-type

Now you should add either some netsim devices (ncs-netsim -h) or lab devices to NSO and get automating!

Getting Started

We recommend that you start with the Getting Started guide in the doc directory $HOME/nso-VERSION/doc/pdf/nso_getting_started-VERSION.pdf

There are a lot of examples in the $HOME/nso-VERSION/examples.ncs directory. Each example has a README file that explains how to run it.

Sandboxes

If you do not want to download and install Cisco NSO, please check out the NSO Reservable Sandbox on DevNet. There is also an associated tutorial called Learn NSO the Easy Way.

Still Need help?

There is a lot of material on the NSO Developer Hub

This is also where you can ask questions about anything NSO-related.